OVN - The future of networking in OpenStack

1. OVN - The future of
networking in OpenStack
1
Ha Noi, 01/2020
ĐỖ XUÂN SƠN
BizFly Cloud Engineer

2. Contents
2
I. OVN Overview
II. Introduce netwoking-ovn in OpenStack
III. OpenStack-OVN deployment model
IV. Compare performance of ML2/OVN with ML2/OVS
V. Advantages and disadvantages of networking-ovn

3. I. OVN Overview
• OVN (Open Virtual Network) is a subproject
in Open vSwitch. In addition to the existing features
of Open vSwitch, OVN supports additional
features such as virtual L2, L3 overlay and security
groups.
• OVN is written by C language.
3

4. 4
OVN Overview - Features
• Some high-level features of OVN include:
1. Provides virtual networking abstraction for OVS
2. Supports flexible ACLs (security policies) implemented
using flows
3. Native support for distributed L3 routing using OVS
flows
4. Supports L3 gateways from logical to physical
networks
5. ARP and IPv6 Neighbor Discovery suppression for
known IP-MAC bindings
6. Native support for NAT and load balancing
7. Native fully distributed support for DHCP

5. 5
OVN Overview – Architecture
• OVN includes 3 basic components:
1. OVN Central: OVN-Northd + OVN
Northbound DB and OVN Soundbound
DB
2. OVN Controller: connect to south db and
config "Integration Bridge br-int"
3. ovs-vswitchd: Open vSwitch daemon for
bridges

6. 6
OVN Overview - Architecture

7. 7
OVN Overview – Physical Model

8. 8
II. Introduce netwoking-ovn in OpenStack
• The networking-ovn project provides
integration between OpenStack Neutron and
OVN.
• networking-ovn offers features:
1. Layer-2 (switching)
2. Layer-3 (routing)
3. DHCP
4. DPDK
5. Trunk driver
6. VLAN tenant networks (OVN version 2.11 (or
higher).)

9. 9
Workflow networking-ovn
ML2/OVS ML2/OVN

10. 10
QoS in networking-ovn
• Currently, QoS is implemented by TC
command. This solution has many drawbacks
such as:
oOnly supports the bandwidth limitation of egress
directions on the tunnel interface of the Compute
node.
oNot supported VLAN network.
• In the future, Meter is a comfortable solution,
which is implemented in OpenFlow as an
action, so it is flexible and exact.
oBy meter action, we can implement QoS from both
directions, also, we can support DSCP.

11. Several differences between ML2/OVN
and ML2/OVS
• DHCP service:
• ML2/OVS use DHCP agent.
• ML2/OVN use the DHCP allocation mechanism of
OVN
• L2 population and ARP Responder
• ML2/OVS:
• L2 population is implemented at table 20 of OVS br-tun.
• ARP Responder is implemented at table 21 of OVS br-
tun.
• ML2/OVN:
• L2 population is implemented at table 24 and 32 of br-int.
• ARP Responder is implemented at table 19 of br-int.
11

12. Several differences between
ML2/OVN and ML2/OVS
• Metadata service:
• ML2/OVS uses metadata services to listen on dhcp
namespace or router namespace.
• ML2/OVN use metadata namespace on each
Compute node.
12

13. Several differences
between ML2/OVN and ML2/OVS
• ML2/OVS supports VXLAN/GRE/GENEVE
protocol for tenant networks.
• ML2/OVN supports GENEVE protocol for
tenant network.
• The cost for overlay of GENEVE in ML2/OVN is 58
bytes.
• The segmentation_id field of the network
ML2/OVN does not correspond to the actual
GENEVE VNI of the tenant network. Because
GENEVE VNI of the tenant network is managed by
OVN.
13

14. III. OpenStack-OVN deployment model
• Deployment model includes:
• 1 Controller node
• 3 Database nodes (OVN Central)
• 3 node Network nodes
• 2 Compute nodes
14

15. Routing - Non distributed FIP
15

16. Routing - Distributed Floating IP
16

17. HA for router
• HA for router uses Bidirectional Forwarding
Detection (BFD) protocol.
17

18. High Availability for OVN Central
• OVN Central has 3 models:
1. standalone
2. active-backup
3. clustered
18

19. HA for OVN Central : active-backup model
• Support from OVS version 2.6.
• We can use pacemaker tool to manage this.
19

20. HA for OVN Central : clustered model
• Support from OVS version 2.9.
• Clustered running on 3 servers or 5 servers or
more. Servers in the cluster automatically
synchronize the database modifications in the
cluster.
20

21. HA for OVN Central : clustered model
21

22. HA for OVN Central : clustered model
• When all nodes of the cluster are failed, we
can regenerate OVN DB by using the
command Controller node:
neutron-ovn-db-sync-util --config-file
/etc/neutron/neutron.conf --config-file
/etc/neutron/plugins/ml2/ml2_conf.ini --
ovn-neutron_sync_mode repair
22

23. IV. Compare performance of
ML2/OVN with ML2/OVS
• In this lab, we compare the bandwidth
performance between ML2/OVS and
ML2/OVN in two cases:
1. Virtual machines is attached to a private network
2. Virtual machines is attached to a provider
network
23

24. Virtual machines is attached to a
private network
• Looking at the chart, we see that the bandwidth
of traffic between virtual machines and the
public network when using ML2/OVN is better.
24

25. Virtual machines is attached to a
provider network
• The bandwidth performance, in this case, is the
same.
25

26. V. Advantages and disadvantages of
networking-ovn
• Advantages:
• Native support for NAT
• Native support for distributed L3 routing using OVS
flows, with support for both IPv4 and IPv6
• Native distributed implementation for DHCP.
• Native support L2 population and ARP Responder
• Native support for load balancing
• Support DPDK, SR-IOV
26

27. V. Advantages and disadvantages of
networking-ovn
• Disadvantages:
• No support FWaaS, VPNaaS.
• QoS feature has many drawbacks.
27

28. Reference
• https://docs.openstack.org/networking-
ovn/train/
• https://next.redhat.com/2017/08/15/understandi
ng-the-open-virtual-network/
• https://docs.openstack.org/releasenotes/networ
king-ovn/
28

29. 2
9